Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound

Zhe Zhou, Wenrui Diao, Xiangyu Liu, Kehuan Zhang
Department of Information Engineering, The Chinese University of Hong Kong
arXiv:1407.0803v1 [cs.CR] 3 Jul 2014

ABSTRACT

The popularity of mobile devices has made people's lives more convenient, but has threatened people's privacy at the same time. As end users become more and more concerned about the protection of their private information, it is even harder to track a specific user using conventional technologies. For example, cookies might be cleared by users regularly. Apple has stopped apps from accessing UDIDs, and Android phones use a special permission to protect the IMEI code. To address this challenge, some recent studies have worked on tracing smart phones using the hardware features resulting from the imperfect manufacturing process. These works have demonstrated that different devices can be differentiated from each other. However, there is still a long way to go before such methods can replace cookies and be deployed in real-world scenarios, especially in terms of properties like uniqueness, robustness, etc. In this paper, we present a novel method to generate a stable and unique device ID stealthily for smartphones by exploiting the frequency response of the speaker. With carefully selected audio frequencies and special sound wave patterns, we can reduce the impact of non-linear effects and noise, and keep our feature extraction process unnoticeable to users. The extracted feature is not only very stable for a given smart phone speaker, but also unique to that phone. The feature contains rich information that is equivalent to around 40 bits of entropy, which is enough to identify billions of different smartphones of the same model. We have built a prototype to evaluate our method, and the results show that the generated device ID can be used as a replacement of cookie.

1. INTRODUCTION

The smart phone is playing an increasingly important role in our daily lives, including both work and personal entertainment, which makes the security of smart phones a very important and urgent problem, especially the protection of user privacy. Smart phone sales are increasing by nearly 40% year on year, as reported by IDC [8]. However, according to F-Secure, a continued 49% rise in mobile threats was witnessed in the last quarter, and 91.3% of them targeted the Android platform, the most popular mobile operating system today [4]. Different from traditional desktop PCs, smart phones often contain more private and sensitive information, like SMS, contacts, location, etc. Studies have shown that such sensitive data is the major reason why smart phones are so attractive to attackers [43].

Fortunately, people are becoming better educated about how to protect their privacy. Statistics from the Pew Internet Project show that almost 90% of adult Internet users have taken steps to avoid surveillance by other people or organizations, like clearing cookies, encrypting email, and using an alias [2]. To attract users, major browsers now support various privacy protection features, like "Don't Track", third party cookie disabling, etc. Governments and organizations are also working on laws to protect users' privacy.

However, being able to track users is really useful and important in many legitimate applications. So, it is not surprising to see that many big companies declare plans to give up using cookies on one side, but also work on new tracking technologies on the other side [6]. There are also many studies on stop-tracking and new tracking technologies in the academic world [36, 32, 39, 28, 41, 29, 35].

Among these new tracking technologies, some suggested using a device ID to substitute for cookies [11], mainly because a device ID is more straightforward and cannot be wiped or reset easily. Typically, many things can be used as a device ID, such as the UDID (Unique Device ID) from Apple, the IMEI for general mobile phones, the Android ID for Android phones, the MAC addresses of Wi-Fi and Ethernet network interfaces or Bluetooth modules [40], and so on. Some recent research also suggested constructing a device ID using hardware features resulting from the imperfect manufacturing process, like the accelerometers [21] and speakers [19].

But each of these solutions has its own limitations, which make it hard to replace the traditional user tracking approach based on cookies. On one hand, system vendors can easily block access to a device ID by removing the relevant APIs, and on the other hand, some newly discovered device IDs are not mature enough to be deployed in real-world production scenarios. For example, Apple ceased the use of the UDID recently [3], and on Android, accessing the IMEI requires a special permission that could be revoked by Google if necessary (actually, Google makes changes to the Android permission system from time to time, and recently they took back the permission on SD card writing [1], so there is no guarantee that they would not take back the permission related to the IMEI and other possible device IDs). For newly discovered device IDs, like the ones extracted from accelerometers and speakers, the false positive rate is still too high, and they are not stable and robust enough to give each device a unique ID (more details are given in Section 8).

So, in this paper we propose another device ID generation method that meets the requirements a cookie replacement should satisfy: uniqueness, robustness, and stealthiness. Our basic idea is hardware-based identification of smart phones by leveraging the frequency response of the speaker; our technique, however, is totally different from previous work, which improved the final results dramatically. One of our fundamental differences from previous work is the use of high frequency sound. In previous work [19], a piece of music is played, which falls in the frequency range normally lower than 10 kHz and thus can be easily heard by the smart phone owner. What's more, the majority of environmental noise also falls into this range, which makes the feature extraction difficult and unstable.

By contrast, our method uses audio frequencies higher than 14 kHz, chosen after careful study of various factors, including the environmental noise, the characteristics of human hearing, and the manufacturing technology of speakers. For example, as shown by our experiments in Section 5, in most cases there is less noise in the higher frequency range. What's more, studies of human hearing indicate that our ears are much less sensitive to sound with higher frequency, which means that people can easily hear a sound of 4 kHz at 30 dB, but can hardly perceive another 16 kHz sound at the same 30 dB (more details are given in Section 3).

More importantly, we found that speakers perform more diversely in the higher frequency range, which helped us obtain a unique feature for each of them with negligible false positive and false negative rates. Ideally, we would expect each speaker to perform in the same way: output every frequency equally without any attenuation. However, this is impossible in the real world, so speaker manufacturers have to make trade-offs among the cost, the manufacturing technology, and the perception of human ears. As mentioned above, people are more sensitive to low frequency audio, so the speaker manufacturers focus on optimization in the lower frequency range first, and optimize the higher frequency range later only if cost/budget permits. As a result, it is not surprising that the frequency response curves of the same product are similar in the lower frequency range, but differ from each other dramatically in the higher frequency range (more details will be given in Section 3).

Another fundamental difference from previous work is that we construct the audio stimulus pattern carefully to minimize the impacts of [...] previous work, we choose to output a stable combination of about seventy different frequencies, and later, when extracting features, only analyze the response at these frequency points. So, noise not on those frequency points can be filtered, but more importantly, the speaker can work in a stable state in which its features can be exposed steadily and completely. We believe that such a design is crucial to get a unique and robust device ID.

Contributions. We summarize our contributions as follows:

  • We carefully analyzed many different factors that could affect the construction of a unique and robust device ID from mobile phone speakers, and proposed to use high frequency sound with a special frequency pattern as stimulation to speakers, which not only makes the whole process unnoticeable by the smart phone owners, but also minimizes the impact of background noise and non-linear features.
  • We developed novel algorithms to extract and match features from the recorded speaker response, which are built on self-correlation and cross-correlation functions, instead of using a complex machine learning algorithm. We also developed a method to estimate the potential false positive and false negative rates.
  • We built a prototype and performed a comprehensive evaluation of the proposed method, and the results show that the extracted device ID is very stable, with negligible false positive and false negative rates.

Roadmap. The rest of the paper is organized as follows. We list the required assumptions and adversary models in Section 2 and then give an overview of our proposed method in Section 3. The details of our design are given in Section 4, followed by a comprehensive [...] We compare our work with prior ones in Section 8, and discuss the potential limitations in Section 7. Section 9 concludes the paper.

2. ADVERSARY MODEL

This section describes the assumptions required to extract a device ID from smart phone speakers, and the potential adversary/application scenarios to which our method may be applicable.

2.1 Application Scenarios

As a device fingerprinting technology, the method investigated in this paper is neutral, and its only purpose is to extract some features from the sound played by smart phone speakers. There are two typical application scenarios: self-fingerprinting and cross-fingerprinting. In self-fingerprinting, an application is trying to get the device ID of the smart phone on which it is running, and in cross-fingerprinting, an application on one smart phone is trying to get the device ID of another smart phone (with the help of an app on that phone which is periodically playing specially crafted audio).

The extracted device ID itself can have many useful applications. For example, it can be used to replace cookies so that online advertisers can accurately trace an end user in order to deliver targeted advertisements. It can also be used for in-door tracking and tracking stolen [...]

2.2 Assumptions

The device fingerprinting process contains three steps: play the specially crafted audio, record the speaker output, and transmit the preprocessed feature to the server. These three steps can be mapped to three different operations or permissions: play audio, access microphone, and access Internet.

  • Play audio: According to the current Android permission mechanism, playing audio does not require any permission.
  • Access to microphone: This is the only necessary permission required by our proposed method, since we have to record the speaker output. However, depending on the specific application scenario, the microphone permission could be held on the same phone that is playing the audio (i.e., self-fingerprinting), or on a different phone (cross-fingerprinting).
  • Access to Internet: This permission is unnecessary and can be bypassed using an existing vulnerability mentioned in [45] by appending the data to a GET request of stock browsers. The size of each extracted feature never exceeds 1 KB, so the length limitation of a GET request is also not a problem.

3. OVERVIEW

In this section we explain why we study acoustic fingerprinting of mobile devices even though some related work already exists, and briefly describe the technical background of our approach.

3.1 Three Goals to Be Achieved

We believe that any device fingerprinting technology, in order to be a substitute for cookies, should achieve the following three goals simultaneously: uniqueness, robustness, and stealthiness. In terms of uniqueness, the fingerprints generated for different devices should be different enough from each other, otherwise there would be a serious usability problem (imagine that two different users share an identical cookie). Robustness means the fingerprint generation method should be able to generate a consistent fingerprint for the same device at different times and under different scenarios. The last goal, stealthiness, requires that the fingerprint generation process be unnoticeable by device owners.

Limitations of existing solutions. When considering the above goals, we found that existing solutions have various limitations. For example, the work done in [19] needs to play some audible music, which makes it hard to achieve the "stealth" goal. In another work that uses accelerometers to track users, there would always be at least 1 device out of 107 wrongly identified, which may not be accurate enough for cookie based applications in the real world [21]. More details will be given in the related work section, Section 8.

3.2 Our Key Techniques

Our key techniques can be described in a single sentence: use the microphone to record the output from the device speaker stimulated by a high frequency audio wave with some special pattern. However, it requires more words to explain the rationale behind them and how uniqueness, robustness, and stealthiness are achieved with these techniques.

3.2.1 Be Stealthy with High Frequency Audio

Common sense tells us that human beings cannot hear all the sounds generated by the world. For example, the infrasonic waves produced by an earthquake cannot be felt by humans but can be detected by machines, which play an important role in disaster forecasting. Ultrasonic sound possesses similar attributes. Figure 1 shows the human audible zone [10].

Figure 1: Sound Pressure Level of Human over Frequency.

Most people are sensitive from some hundreds of Hz to some thousands of Hz and can feel only a little lower than 200 or higher than 15 kHz if the sound is as loud as what is generated by the phone. In other words, you can hear almost nothing if your cell-phone is playing a clip of music of which spectrum is null betwee [...]

[...] a varying magnetic field that reacts with the fixed magnet and drives the cone to fluctuate according to the currents [18]. Figure 2 illustrates the structure of the speaker [18].

Figure 2: Sectional View to Speaker Driver.

High-end speaker systems may contain more than a single driver, so that each driver focuses on one frequency band and the quality is enhanced thereby, because one driver can hardly handle the entire audible frequency range, limited by the mechanical features of the driver. In the lower-end speaker market, such as phone speakers, where usually only one driver is used, the manufacturer is able to control the quality of its product in only a narrow frequency range, while quality outside the important frequency range is of less concern, for the following reasons.

Firstly, the important frequency range covers most of the range humans are sensitive to, while we are not sensitive to the remaining frequency range, which makes quality control outside the main frequency range less meaningful.

Secondly, compensating for the quality costs a lot, which increases the overall cost and decreases the competitiveness of the manufacturer in terms of price. For example, adding an independent high frequency driver enhances the quality sharply, but increases the cost multiple times. So phones on the market are often equipped with only a single speaker driver.

As a result, manufacturers control the sensitive range quality and [...] let alone the insensitive frequency range.

Frequency response presents the quality of a speaker from the perspective of frequency, weighing the quality of a speaker by reflecting the gain or attenuation the speaker provides at each frequency point. It is easy to conclude that the flatter the response curve, the better the voice quality it will provide. Figure 3, captured from the Internet [5], presents the frequency response of three speakers, which shows that in the low frequency segment they have similar response curves, while in the high frequency segment their response curves differ from each other dramatically. Not only the variances between different models of speakers but also the differences between speakers of the same model are huge.

Both theoretical analysis and experimental results, which will be shown in the evaluation section, drove us to use the high frequency range response feature, as it carries high variation between individual speakers.

3.2.3 Be Robust with Controlled Stimulus Patterns

The sampling data collected by many previous works are just the results of uncontrolled input stimulus. For example, in [21], the sampled accelerometer readings are stimulated by random user movement. In [19], even though the music played could be controlled, the frequency component combinations and variations are determined by the stimulation as well as the abundant noise permutated in the environment. Due to the non-linear features of speakers, [...]
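A defender-side check for the stimulus the paper describes (many simultaneous tones above 14 kHz), added here as an example and not taken from the paper or its prototype: it scans one recorded window with the Goertzel algorithm and flags a dense comb of narrowband tones. The sample rate, probe grid, thresholds and the 70-tone comb are assumptions, and the audio is constructed in the code.

```python
import math
import random

RATE = 44100                       # assumed capture sample rate (Hz)
WINDOW = 4410                      # 0.1 s window -> 10 Hz bin spacing
PROBES = range(14000, 21001, 50)   # assumed scan grid above the paper's 14 kHz

def goertzel_power(samples, freq):
    """|X(freq)|^2 for one frequency, via the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tonal_bins(samples, ratio=30.0):
    """Probe frequencies whose power is far above the band's noise floor."""
    power = {f: goertzel_power(samples, f) for f in PROBES}
    # Lower quartile as the floor: a dense tone comb cannot drag it upward.
    floor = max(sorted(power.values())[len(power) // 4], 1e-12)
    return [f for f in PROBES if power[f] > ratio * floor]

def looks_like_stimulus(samples, min_bins=20):
    """Flag a window carrying many simultaneous narrowband tones >= 14 kHz."""
    return len(tonal_bins(samples)) >= min_bins

# --- constructed sample input (not from the paper) ---
TONES = [14000 + 100 * i for i in range(70)]   # hypothetical 70-tone comb

def make_window(tones, amp, seed):
    """Ambient noise plus a 1 kHz audible tone, with an optional comb on top."""
    rng = random.Random(seed)
    out = []
    for n in range(WINDOW):
        t = n / RATE
        x = rng.gauss(0.0, 0.05) + 0.5 * math.sin(2 * math.pi * 1000 * t)
        x += sum(amp * math.sin(2 * math.pi * f * t) for f in tones)
        out.append(x)
    return out

if __name__ == "__main__":
    quiet = make_window([], 0.0, seed=1)
    comb = make_window(TONES, 0.02, seed=2)
    print("ambient only:", looks_like_stimulus(quiet))
    print("with comb   :", looks_like_stimulus(comb), len(tonal_bins(comb)))
```

The constructed tones complete a whole number of cycles in the window, so they do not leak between bins; on real recordings, apply a window function such as Hann before the scan and average over several windows.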
